All, the import went through smoothly and you should be able to get it from a cvs(up) server near you by now. Some general, random notes: 1) Anchor syntax changed | Users of authpf(8) must change their anchor rule in the main ruleset from | anchor authpf | to | anchor "authpf/*" 2) pfsync takes syncdev instead of syncif: When configuring the pfsync device, use 'syncdev' instead of the deprecated keyword 'syncif'. 3) authpf(8) needs a mounted fdescfs(5) 4) synproxy no longer works on outgoing rules (it never should have) 5) The code has been tested, but there is always a chance that some bugs remain unfound. If you spot anything, please let me know. Features that are in OpenBSD, but not yet in FreeBSD: - Filtering on route labels (we don't have any). - Return-rst on IP-less bridges (bridge support is still behind; There is work ongoing to improve this as well, though.). - Congestion prevention/graceful comeback (subject to future work). New features (from the OpenBSD release announcements): + pfctl(8) now provides a rules optimizer to help improve filtering speed. + pf, now supports nested anchors. + Support limiting TCP connections by establishment rate, automatically adding flooding IP addresses to tables and flushing states (max-src-conn-rate, overload <table>, flush global). + Improved functionality of tags (tag and tagged for translation rules, tagging of all packets matching state entries). + Improved diagnostics (error messages and additional counters from pfctl -si). + New keyword set skip on to skip filtering on arbitrary interfaces, like loopback. + Several bugfixes improving stability. -- /"\ Best regards, | mlaier_at_freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier_at_EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:38:33 UTC